Skip to content

0.4.0
Compare
Choose a tag to compare
@0xdabbad00 0xdabbad00 released this 09 Jan 03:57
0.4.0
8bffd36
This commit was created on GitHub.com and signed with GitHub’s verified signature. The key has expired.
GPG key ID: 4AEE18F83AFDEB23
Expired
Learn about vigilant mode.

This release adds the ability to have custom auditors. This is documented in the README, showing an example of how to create an auditor to generate findings for any policy that grants access to a sensitive S3 bucket: https://github.com/duo-labs/parliament#custom-auditors

This also changed how the filtering works for ignoring findings, which gives some greater control over that, by changing what had been a search for a substring into a full regex match. The regex match does mean that a search for a substring like s3:* now must be written as .*s3:\\*.* (note that .* are added to the ends so this function as a substring lookup, and the original * needs to be double-escaped as \\*).

Assets 2
Loading